Closed jonsmorrow closed 3 years ago
Here's the WIP code for the data gather itself: https://github.com/chef/automate/pull/4032/files#diff-70bb3ea685fdedab94a082c8045bd456R1
Auth notes:
To toggle Rollout sending on:
chef push
The same possibilities apply for configuring the automate URL.
Based on review of the current version of the tool, I recommend moving forward with the standalone tool. There are a few advantages:
However, there are also some concerns raised by this approach:
There are additional concerns to track, as a result of adding a new API dependency:
We have two places it would make sense to invoke from:
chef push
chef-cli
- either in the chef-cli in the push command itself or in PolicyfileServices#upload
At this time, I'm recommending we put it in the post-run behavior of the wrapper after successful run of chef-cli push but there's probably some discussion to have here:
chef-cli depends on the metadata gather command being available; but we don't ship that command in chef-cli.
chef-cli already has references back into Workstation. I think a difference here is that the dep we're talking about here is two steps removed - it's not Workstation, but a WS component/dependency. The disadvantage to this approach is that directly invoking chef-cli push will not hit the Rollouts API. Given the current direction of Effortless (no chef server) this may be OK, but we will need to verify it and decide if we need any special handling (like not allowing push outside of Workstation; or warn if rollouts api is configured but we're not running from within workstation).
Documentation note - Chef Server must be set up to send action reports to Automate. This needs to be part of our setup documentation.
Comment added by Lisa Stidham in Aha!
Noting Issue 1316
Note: GitHub integration record type. Please leave out any sensitive information.
Job to be Done:
As a Chef Desktop operator, I want to know what changes a Policyfile revision includes, so I can more easily troubleshoot if something goes wrong.
As a Chef Desktop operator, I want to know how many machines are on a given Policyfile revision, so that I can ensure my fleet is up to date with the latest fixes.
Description:
Chef operators can currently generate Policyfile changes and push them to Chef Server. But there is not a way in Automate to view who made a Policyfile change, how many machines have updated to that revision, what code changes are included in the Policyfile revision, etc.
Automate is being updated with new endpoints to consume metadata about a given Policyfile "Rollout". A Rollout is the application of a Policyfile revision to a set of nodes. Automate will combine the Rollout information with Chef Server events (EG, chef-client ran a specific policyfile revision) in order to create a new view for users.
Automate proto response definition: https://github.com/chef/automate/blob/c1adaa428c0189dd09de8c3a78668a8867721ef1/api/external/cfgmgmt/response/rollouts.proto#L40-L107
Design doc: https://github.com/chef/automate/blob/master/components/config-mgmt-service/docs/rollout-metadata-collection-design.md
Acceptance Criteria:
chef push updated to fetch additional metadata and send it to Automate
chef push, read from local config (EG, .git), read from environment variables
chef push will attempt to retry any metadata push failures (EG, auth failures)
chef push failures and causes in their CI pipeline
Story Map
https://stickies.io/boards/5f238ff67f44436306bfbee1#1
Questions
chef push command, where/how will we prompt users for a Rollout description?
Answers
knife node policy set NODE POLICY_GROUP POLICY_NAME
Field population
All fields besides 1-3 are optional.
Aha! Link: https://chef.aha.io/features/SH-148